Found a really good WordPress security tips a while ago:
Directories should not be left open for public browsing.
There is a potential problem letting people know what plug-ins you have, or what versions they are. If there is some known exploit that is linked to a plug-in, it could be easy enough for someone to use it to their advantage.
To test whether your site is vulnerable to this issue, just go to http://<your_site>/wp-content/plugins
Your site SHOULDN’T be listing all the plug-ins available on your site.
It’s fairly simple to protect your WordPress installation from public browsing:
1. Make an empty wp-content/plugins/index.html file
2. just add this line in your .htaccess file in your root:
Options All -Indexes